Ateeq Khan @OhTheITguy - Twitter Profile

over 1 year ago

[+] Using Google dorks for unique subdomains? Try this: site:*-*-*.yourtarget.com site:*-*.*.yourtarget.com site:*.*.*.yourtarget.com #bugbountytips #bugbountytip #AEMSecurity

1

22

5

21

1K

OhTheITguy retweeted

AEMSecurity @AEMSecurity

almost 2 years ago

[+] POC Video Microsoft Sharepoint Filter Bypass! Looking back in time, I found an interesting filter bypass that resulted in a "Stored XSS" vulnerability affecting Microsoft Sharepoint 2013 in Office 365 (cloud) https://t.co/HmnJuRvdVM #AEMSecurity #bugbountytips #bugbounty

1

17

3

8

2K

OhTheITguy retweeted

@stuub @stuub_

almost 2 years ago

Helios, automated XSS auditing. I'm releasing this in very early stages but I'm pretty happy with a couple days' work, excited to see where it could go. Feedback and testing is greatly appreciated! Key Features Listed in the Github :) #XSS #BugBounty https://t.co/8fFjh7BW5g

stuub_'s tweet photo. Helios, automated XSS auditing. I'm releasing this in very early stages but I'm pretty happy with a couple days' work, excited to see where it could go.

Feedback and testing is greatly appreciated!

Key Features Listed in the Github :)

#XSS #BugBounty

https://t.co/8fFjh7BW5g https://t.co/C0pTtj0zcN

10

321

68

252

18K

OhTheITguy retweeted

AEMSecurity @AEMSecurity

over 2 years ago

[+] Dont ignore those out of scope domains! Recently, I saw an application. This domain was listed as out of scope unfortunately.. More recon on target assets, I noticed very same application hosted on an IP owned by the same org Result: 4 IDOR's, 4 SXSS's #bugbountytips

AEMSecurity's tweet photo. [+] Dont ignore those out of scope domains!

Recently, I saw an application. This domain was listed as out of scope unfortunately..

More recon on target assets, I noticed very same application hosted on an IP owned by the same org
Result: 4 IDOR's, 4 SXSS's

#bugbountytips https://t.co/FenYVqxyIC

3

163

15

44

11K

Who to follow

Tur.js

@Tur24Tur

Interested in Application Security, Bug Bounty, Reverse Engineering, Frida & Ghidra @NoBugEscapes @BugBountyZip https://t.co/bltifT1jkQ

Bugra Eskici

@bugraeskici

bug hunter - https://t.co/SRecESFHxs | @SynackRedTeam

Naeem Ahmed Sayed 🇧🇩

@0xNaeem

Cyber Security Researcher || Ethical Hacker || Passionate about Hacking and Technology 💻 | Turning Challenges into Opportunities || Pentester @YogoshaOfficial

OhTheITguy retweeted

AEMSecurity @AEMSecurity

over 2 years ago

[+] FIlter bypass techniques: Sometimes you can do amazing things just by appending /? to bypass access control restrictions ;) #AEMSecurity #FilterBypass #bugbountytips #bugbountytip

AEMSecurity's tweet photo. [+] FIlter bypass techniques:

Sometimes you can do amazing things just by appending /? to bypass access control restrictions ;)

#AEMSecurity #FilterBypass #bugbountytips #bugbountytip https://t.co/swtZ97OjjS

4

144

19

71

11K

OhTheITguy retweeted

AEMSecurity @AEMSecurity

over 2 years ago

If you are looking for XSS and come across an input form lets say "description" ? instead of injecting your payload on the very first line, skip the first two i.e. press enter or something and then inject your payload on the next line instead.. #bugbountytips #XSS #AEMSecurity

2

30

4

14

4K

Ateeq Khan @OhTheITguy

about 3 years ago

@Bugcrowd O_o

0

38

OhTheITguy retweeted

AEMSecurity @AEMSecurity

about 3 years ago

[+] Auth Bypass: Find valid endpoints redirecting to login page. Register new user, provide 1 in all input fields. SUBMIT form, of course you're going to get an error, IGNORE and simply access endpoints you enumerated earlier... #bugbountytips #pentesting #AEMSecurity

AEMSecurity's tweet photo. [+] Auth Bypass:
Find valid endpoints redirecting to login page.

Register new user, provide 1 in all input fields.

SUBMIT form, of course you're going to get an error, IGNORE and simply access endpoints you enumerated earlier...
#bugbountytips
#pentesting
#AEMSecurity https://t.co/jzROiHgACn

7

203

40

81

29K

OhTheITguy retweeted

AEMSecurity @AEMSecurity

about 3 years ago

[+] Another awesome Adobe AEM Dispatcher filter bypass technique? oh okay Hunting for JSON GET Servlet on /content.1.json however result = 404? Try this: /conten/.1.json /conten/t.1.json /content.tidy.1.json /conten/.tidy.infinity.json #AEMSecurity #bugbountytips #pentesting

4

254

87

155

35K

Ateeq Khan @OhTheITguy

almost 4 years ago

Adobe AEM dispatcher filter rules bypass triggered XSS on Linkedin... https://t.co/kxLyxe8Uir via @YouTube #AEMSecurity

0

16

3

9

0

OhTheITguy retweeted

AEMSecurity @AEMSecurity

almost 4 years ago

Amazed to see CVE-2016-0956 Apache Sling POST Servlet vulnerability discovered back in 2014 still works!!!!!! #AEMSecurity #bugbountytips #bugbountytips

AEMSecurity's tweet photo. Amazed to see CVE-2016-0956 Apache Sling POST Servlet vulnerability discovered back in 2014 still works!!!!!! #AEMSecurity #bugbountytips #bugbountytips https://t.co/zlnyDmyRFU

2

70

6

15

0

OhTheITguy retweeted

AEMSecurity @AEMSecurity

over 5 years ago

[+] #BugbountyTips Fetch password hash via QueryBuilder Servlet? #AEMSecurity #BugbountyTip #Bugbounty

7

272

90

74

0

OhTheITguy retweeted

ႢႭႹႠ ႭႵႰႠႻႤ გოჩა ოქრაძე (Gocha Okradze) @GochaOqradze

over 5 years ago

@AEMSecurity Yes it is high level. Subscibed 🤯 Editing is super. I like your intro then xss blow my mind. Interesting fact was when you add ;.html and you got worked <h1> tag

1

3

2

0

OhTheITguy retweeted

AEMSecurity @AEMSecurity

about 5 years ago

[+] #bugbountytips Dispatcher you are awesome!! Apache Sling JSON GET Servlet bypass technique: hxxps://targetAEM/node/........json <--- blocked??? Try: hxxps://targetAEM/nod/.......json ;) #AEMSecurity #bugbountytip

6

198

76

49

0

OhTheITguy retweeted

AEMSecurity @AEMSecurity

almost 5 years ago

#bugbountytips #AEMSecurity If you have confirmed an HTML injection on AEM Instance however XSS is limited because you are unable to execute document.domain or document.cookie??? Try (cookie) ;) #bugbountytip

3

114

23

17

0

OhTheITguy retweeted

reмо̷̷иѕec

@remonsec

almost 5 years ago

Adobe AEM Security Web Series Part 1 by @AEMSecurity https://t.co/kIB0FG3MTM #bugbountytips

1

71

23

25

0

OhTheITguy retweeted

Zin Min Phyo @zin_min_phyo

over 4 years ago

I earn a €300 bounty on the Yogosha platform AEM_Tips: I analyzed the javascript code, I found this parameter, but I can't bypass of Content-Type here is the template: https://t.co/vf1817y3E6 Ref: https://t.co/gtiXlW88Oq Special thanks to @AEMSecurity #BugBountyTips

zin_min_phyo's tweet photo. I earn a €300 bounty on the Yogosha platform

AEM_Tips:
I analyzed the javascript code, I found this parameter, but I can't bypass of Content-Type
here is the template: https://t.co/vf1817y3E6

Ref: https://t.co/gtiXlW88Oq
Special thanks to @AEMSecurity

#BugBountyTips https://t.co/kDLsCo5IH2

4

129

47

53

0

OhTheITguy retweeted

AEMSecurity @AEMSecurity

over 4 years ago

[+] #bugbountytips You really need to analyze logs manually via "Logger" when Using Burp Suite. I confirmed 4 HTTP Request smuggling issues + 2 SSRF's and these issues were not flagged by Burp scanner so yup! see what I mean? #AEMSecurity #bugbountytip

3

140

28

29

0

OhTheITguy retweeted

AEMSecurity @AEMSecurity

over 4 years ago

[+] Exclusive! Thank you @salesforce #bugbountytips #swag

1

22

2

1

0

OhTheITguy retweeted

AEMSecurity @AEMSecurity

about 4 years ago

#bugbounty Have you ever faced this situation where you thought it was a "CRIT" however triager declares it as a "LOW"??? https://t.co/OTi8G1XZn1

1

13

4

3

0

Ateeq Khan

@OhTheITguy

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users